The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.

CVE-2021-24905

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.

CVE-2022-0229

Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).

 Not fixed

**4.1**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 0.2.2

PSID 

b58a1a657a34

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires contributor or higher role user authentication.

Publicly disclosed

2022-01-27

**Details**

Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Price Table plugin (versions <= 0.2.2).

**Solution**

Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review.

**References**

CVE-2022-25604 Plugin page

CVE-2022-25604: WordPress Price Table plugin <= 0.2.2 - Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions.

**Solution**

Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version (at least 1.0.77.32)

**Details**Show technical details

Tien Nguyen Anh discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Accelerated Mobile Pages Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.77.32.

**2 other known vulnerabilities for this plugin**To plugin page

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2021-23150: WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).

**Solution**

Update the WordPress AMP for WP – Accelerated Mobile Pages plugin to the latest available version (at least 1.0.77.33).

FearZzZz discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Accelerated Mobile Pages Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.77.33.

**2 other known vulnerabilities for this plugin**To plugin page

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2021-23209: WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities - Patchstack

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them

CVE-2022-22734

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE

CVE-2021-25003

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

CVE-2022-0165

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

CVE-2022-0441: Changeset 2667195 – WordPress Plugin Repository

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

Tag

#wordpress